Need some help with htaccess hotlink protection
I have two servers, one of them is a linode (I actually have more linodes but that is not relevant here
The linode (server I) contains nothing but mp4 files which are being displayed on our site (server II). The site is being visited by a few million people each month, movies are just a very small part of the content and not very important. I didn't want a sudden popularity of one video cause the site to crash, hence the second server.
We don't allow other people to embed the videos except for some partners, so I use this htaccess
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{REQUEST_FILENAME} -f
RewriteCond %{REQUEST_FILENAME} .(mp4)$ [NC]
RewriteCond %{HTTP_REFERER} !^https?://([^.]+.)?mydomain. [NC]
RewriteRule .(mp4)$ - [NC,F]
This works! Except there is one problem. I do not want to allow empty referrals either, I don't want people to download the file. It works by removing:
RewriteCond %{HTTP_REFERER} !^$
Embedding on my domain works in all browsers, embedding on other domains doesn't work anymore, direct requests don't work anymore…so far so good …BUT the videos are not loading on mobile devices any more….m.mydomain.com BUT if you type m.mydomain in your desktop browser it does work…..confusing
Am I missing something here, driving me mad
Kind regards